Story image

Biggest security threat in Australia? Survey says it’s phishing

13 May 2019

A survey recently undertaken by CSO and commissioned by LogRhythm has made some interesting findings in the state of cybercrime in Australia.

The ‘CSO Security Capabilities Survey 2019’ found that 44 percent of Australian businesses viewed phishing as the biggest security threats they faced in 2018, while ransomware, password and business email compromise continued to beset organisations in the last calendar year.

At the same time, Australian chief information security officers continued to struggle to combat a rising climate of cybersecurity compromise, often taking weeks to detect and deal with security breaches.

55 percent of respondents said they were able to detect their last security incident within hours while 16 percent percent said it had taken them up to a week to detect their last security incident – and seven percent had taken even longer.

“These delays really do raise serious concerns for Australian businesses, which since the introduction of the Notifiable Data Breaches (NDB) scheme, have been legally obliged to detect and report on breaches as rapidly as possible,” says LogRhythm Asia Pacific and Japan marketing director Joanne Wong.

“One might well conclude that if businesses cannot detect and evaluate a data breach, the consumer protections put in place by the NDB scheme offer scant chance of remediating breach damage.”

The survey also found that 52 percent of respondents are streamlining their security technologies to reduce the complexity of their environments for their people.  Just under half (48 per cent) of these organisations are now turning to automation to assist employees transition away from security monitoring to focus on value adding tasks.

According to LogRhythm though, Australian companies still vary in maturity when it comes to adopting automation. Half of the respondents said they had applied automated incident detection and response (IDR) to less than half of their infrastructure, while 16 percent said they had successfully rolled out automated incident detection and response capabilities across their entire infrastructure.

Wong says this suggests there is still a long way for Australian businesses to go when it comes to deploying the cybersecurity scalability to match the growing demands of digital transformation.

When asked about budgets, 44 percent of respondents said their security budgets would increase by five per cent or more in 2019, although an almost equal percentage (46 percent) said their budget would stay the same.

Finally, the survey found that security executives are facing a steady onslaught of risks in 2019 from malware and zero-day threats, identity theft, business email compromise, data loss, poor patching, credential theft, and data exfiltration.

Furthermore, there was a surging risk of nation state-sponsored attacks, web site hacks leading to theft of customer information, man-in-the-middle WiFi attacks, cryptojacking,  cloud security breaches, malicious mobile apps, insecure third parties, and Internet of Things devices.

Wong says the broad spectrum of responses produced from the survey confirms that security executives are facing a steady barrage of attacks that target access credentials, weaknesses in devices, and potential weaknesses in the extended connectivity chains that cloud computing and managed service provision have created.

“Ultimately, one of the greatest challenges IT teams face today is protecting their organisations from advanced and potentially costly attacks while operating with a limited budget and even fewer resources,” says Wong.

“This is certainly not an easy task, but with the proper approach, it's also not impossible to protect your organisation's data and critical systems without impacting the agility of the business or increasing IT costs.”

Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.
Ping Identity offerings accelerates cloud MFA and SSO adoption
90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
EXCLUSIVE: Forcepoint global channel chief talks strategy
As a solution sold 100% via the channel, cybersecurity solutions company Forcepoint places a strong emphasis on its partner relationships.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."